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APPELLANT'S REPLY BRIEF 

Sir: 

Appellant (herein, Applicant) hereby submits this Reply Brief to the Board 
of Patent Appeals and Interferences (hereinafter, the Board) under 37 C.F.R. §41.34 and in 
response to an Examiner's Answer dated June 23, 2006. This Reply Brief is filed within 
the two month period for response to the Examiner's Answer. If there are any deficiencies 
in payment, please charge deposit account no.: 50-1924 for any deficiency. 

STATUS OF CLAIMS 

Claims 1, 102-119, 125-161, 175-178, and 180-186 stand finally rejected 
and are pending in this appeal. Claims 2-101, 120-124,. 162-174 and 179 are canceled. 
Claims 1, 102-1 19, 125-161, 175-178, and 180-186 are reproduced, along with indications 
of canceled claims, in an Appendix accompanying this Brief as the claims stood 
subsequent to an Advisory Action dated January 31, 2006. 
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ARGUMENT 

Applicant respectfully submits that the arguments given in the previous 
Appeal Brief remain valid. The arguments presented herein are merely supplemental to 
the arguments in the Appeal Brief and further address what appear to be new arguments 
made by the Examiner in the Examiner's Answer. Applicant will address certain of the 
arguments given by the Examiner in the following manner. First, Applicant will describe 
structural differences between claimed subject matter and the cited reference, Raanan et 
al., U.S. Patent No. 6,31 1,278 (hereinafter, Raanan), where the structural differences 
amount to at least one missing element of the independent claims and therefore the 
independent claims are not anticipated by the cited reference. Second, Applicant will 
address a particular point of contention between the Examiner's arguments and the 
Applicant's arguments. Finally, Applicant will make additional comments. 

In the Examiner's Answer, the Examiner cites Raanan as disclosing the 
subject matter of claim 1 . See Examiner's Answer, page 4. In particular, the Examiner 
cites FIG. 2A and col. 5, lines 10-29 of Raanan. See Examiner's Answer, page 25. 
However, Applicant will show that the structure of the subject matter of the independent 
claims is different from the structure of Raanan and in particular FIG. 2A of Raanan. 

Independent claim 1 is representative and recites the following: 

A data processing system, comprising: 

a first processing resource in the form of a web server 
coupleable to an open communications network; and 

a second processing resource in the form of a back end 
server coupleable to said first processing resource; 

said first processing resource and said second processing 
resource being configured to establish a communications relationship 
between them through a non-network connected communications channel, 
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whereby said second processing resource is restricted to implementing an 
instruction communicated from said first processing resource which only 
performs a predetermined allowable operation, thereby inhibiting 
compromise of said second processing resource. 

The subject matter of claim 1 can be diagrammed, in one exemplary embodiment, as 
shown by the following portion of FIG. 3 of Applicant's specification, reproduced here for 
convenience. 
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As can be seen in this portion of FIG. 3 of Applicant's specification, the 
web server 1 0 is coupleable to the open communications network 2 and is coupled to the 
back end server 48 through the non-network connected communications channel 50. 
Clients, such as PC 1 1, contact the web server 10. It is the web server 10 that contacts the 
back end server 48 through the through the non-network connected communications 
channel 50. 



FIG. 2 A of Raanan is reproduced below: 
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Raanan specifically states that the "client then transmits a request directed to the server". 
Raanan, col. 5, line 10. It is clear in Raanan that it is the server 10 that responds to 
requests from clients 12. See Raanan at col. 2, lines 52-54 ("The method involves 
receiving a message from a server before it is sent or in parallel with sending to a client."). 
It is also clear in FIG. 2 A of Raanan that the filter module 14a is interposed between the 
clients 12 and the server 10. See also Raanan, FIGS. 1 and 2, and col. 2, lines 1-2. 
Independent claim 1 recites subject matter directed to a web server and a back end server 
configured to establish a communications relationship between them through a non- 
network connected communications channel. By contrast, it is clear in Raanan that only a 
single "server" (server 10) is shown. 

The Examiner asserts that the gateway/filter module 14/1 4a in Raanan 
meets the subject matter of "a first processing resource in the form of a web server 
coupleable to an open communications network". However, the filter module 14/14a is 
not "[a] computer or software package that sends requested information to a client or 
clients in a network". McGraw Hill Dictionary of Scientific and Technical Terms at page 
1905 (6th Ed. 2002). Instead, it is server 10 in Raanan that sends requested information to 
the client 12, as the server 10 is operating to respond to requests (directed to the server 10) 
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from the client 12. Furthermore, the element 14a in Raanan is also referred to as a 
"gateway". See Raanan, col. 4, line 10 (As shown in FIG. 2A, the gateway 14a"). A 
gateway is "[a] point of entry and exit to another system, such as the connection point 
between a local-area network and an external-communications network". McGraw Hill 
Dictionary at 884. 

Consequently, the structure is different between the apparatus in Raanan 
and the claimed subject matter in independent claim 1. These structural differences 
amount to at least one missing element of the independent claims, as Applicant recites "a 
first processing resource in the form of a web server coupleable to an open 
communications network" and "a second processing resource in the form of a back end 
server coupleable to said first processing resource" and Raanan only discloses one entity 
(i.e., server 10) that would apparently qualify as a "server". Thus, one of the web server 
or back end server is not disclosed in Raanan. According to the Examiner's argument, the 
server 10 qualifies (which Applicant does not admit) as a back end server. Assuming for 
sake of argument that this qualification is true, the web server of claim 1 is not disclosed 
in Raanan as the gateway/filter module 14/ 14a has been shown not to be a server. The 
Examiner is respectfully reminded that for a rejection to be made on the basis of 
anticipation, it is well recognized that "to constitute an anticipation, all material elements 
recited in a claim must be found in one unit of prior art", Ex Parte Gould, BPAI, 6 USPQ 
2d, 1680, 1682 (1987), citing with approval In re Marshall, 578 F.2d 301, 304, 198 USPQ 
344, 346 (CCPA 1978). For at least this reason, claim 1 is patentable over Raanan. 

It is noted that the Examiner cited col. 5, lines 10-29 of Raanan in the 
Examiner's Answer (see page 25). It is believed that this is the first citation by the 
Examiner of this particular section of Raanan. This section of Raanan is not detailed 
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about operation of the "robots" 24 and 26. However, Raanan states that "the filter module 
14 consists of two or more components as described in application Ser. No. 09/1 49,9 11" 
(Raanan, col. 4, lines 6-9). Applicant determined that Ser. No. 09/149,91 1 has issued as 
Reshef et al., U.S. Patent No. 6,321 ,337 (hereinafter, Reshef), a copy of which is enclosed 
for the convenience of the Examiner. Applicant has reviewed Reshef in order to attempt 
to determine detail missing in Raanan. After review, Applicant believes that Reshef also 
does not disclose at least one of the servers recited in independent claim 1. FIG. la of 
Reshef is shown below. 




In FIG. la of Reshef, clients exist in the external computing environment 16. The web 
server 13 and internal system server 14 exist in the internal computing environment 12. 
"[A] network security gateway 10 is connected between an internal computing 
environment 12 and an external computing environment 16." Reshef, col. 6, lines 44-46. 
As with Raanan, Reshef does not disclose one of "a first processing resource in the form 
of a web server coupleable to an open communications network" and "a second processing 
resource in the form of a back end server coupleable to said first processing resource". 
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This is true because one web server 13 is shown and the gateway 10 is not a web server. 
Consequently, the back end server is not disclosed in Reshef, in particular because there is 
no back end server such that the first processing resource in the form of a web server and 
the second processing resource in the form of a back end server are configured to establish 
a communications relationship between them through a non-network connected 
communications channel (as recited generally in independent claim 1). Therefore, 
independent claim 1 is patentable over Reshef. 

As each of the other independent claims 125, 135, 140, 175, and 180 recite 
generally two processing resources in the form of a web server and back end server that 
are are configured to establish a communications relationship between them through a 
non-network connected communications channel, these independent claims are patentable 
over Raanan (or Reshef). As independent claims 1, 125, 135, 140, 175, and 180 are 
patentable, their respective dependent claims 1, 102-119, 126-134, 136-139, 141-161, 176- 
178, and 181-186 are also patentable for at least the reasons given above with respect to 
claim 1 . 

As noted above, Applicant also herein addresses a point of contention 
between the Examiner's arguments and the Appellant's argument, which is whether 
Raanan discloses "said first processing resource and said second processing resource being 
configured to establish a communications relationship between them through a non- 
network connected communications channel as recited for instance in independent 
claim 1 . 

Applicant states the following in the specification: 

In a preferred embodiment of the invention, a dedicated 
communications channel 50 is disposed between web server 10 and 
backend server 48 for communicating messages between the web server 10 
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and backend server 48. Preferably, communications channel 50 is a non- 
network connected communications channel. In the present example, the 
dedicated communications channel 50 is a serial line, but may be a parallel 
connection. The communications channel 50 may comprise a twisted pair, 
optical fibre or wireless link, for example, and other suitable 
communications channels may be provided. 

Applicant's Specification, page 16, lines 2-9. 

The Examiner uses the above material to assert the following: 

From this example, it is clear that the non-network 
connected communications channel is any suitable form of communications 
channel. Stating that it is non-network connected refers only to the fact that 
it is not directly connected to and accessible by the open communications 
network (the only claimed network). 

Examiner's Answer, page 25. It is believed that the term "it" in the last sentence refers to 
a communications channel. The Examiner then proceeds to assert that "Raanan discloses 
a non-network connected communications channel as claimed" because every 
communication between the server 10 and the "open communication network" (i.e., clients 
12) in Raanan must pass through gateway 14a, which has external robot 26 and internal 
robot 24 that are connected using a dedicated, secure communication bus 28. 

However, as described above, the gateway 14a is not "a first processing 
resource in the form of a web server coupleable to an open communications network". 
Therefore, even if the "dedicated, secure communication bus 28" is "a non-network 
connected communications channel" (which Applicant does not admit), the subject matter 
of "said first processing resource and said second processing resource being configured to 
establish a communications relationship between them through a non-network connected 
communications channel" is not disclosed by Raanan, as there is no "a first processing 
resource in the form of a web server coupleable to an open communications network" and 
"a second processing resource in the form of a back end server coupleable to said first 
processing resource" disclosed in Raanan. A similar argument can be made regarding 
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Reshef, as although Reshef does show a web server 13 in FIG. la, Reshef does not 
disclose "a second processing resource in the form of a back end server coupleable to said 
first processing resource", where "said first processing resource and said second 
processing resource being configured to establish a communications relationship between 
them through a non-network connected communications channel". This is true at least 
because the gateway 10 in FIG. la of Reshef is not a back end server. 

It is believed that the preceding arguments render all pending claims 
patentable over the cited references. However, Applicant would like to make the 
following additional comments. 

In exemplary embodiments of the disclosed invention, the back end server 
will only accept a command it has been programmed to recognize as valid. The validity is 
determined by simple rules which can be reliability implemented. An attempt to pass 
general network traffic and to explore all the boundary conditions of a network protocol in 
order to compromise the second resource will fail. 

In another exemplary embodiment, no unauthorized commands are possible 
and no filtering devices, no protocol databases, and no dynamic handling are required, 
unlike in Raanan. 

On page 26, the Examiner makes an argument regarding HTTP. The 
Examiner asserts that the Applicant argues that since Raanan can transfer TCP/IP and 
HTTP data to/from the server, Raanan discloses only a network connection based system. 
It is believed that the system in Raanan is network-based at least insofar as clients and 
servers are concerned. It is noted that Raanan has a relatively poor description of the 
communication that occurs between the gateway, server, and clients. However, Reshef 
has a better description. In step 51 of FIG. 3b of Reshef, it is apparent that communication 
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between a client and external robot 26 (of the gateway 10; see Reshef FIG. la) is TCP/IP 
based. Furthermore, the communication between the internal robot 24 and the web server 
13 is also TCP based, as indicated by steps 92 and 102 in FIG. 3a of Reshef. Therefore, it 
appears that all communication outside the gateway 10 in Reshef is network-based. 

It is noted that the present application describes HTTP as a useful and 
common format of web pages. The defined and allowed list of commands in the disclosed 
invention may use HTTP as a way of formatting the pages. It is clear that this concerns 
format and files, and does not concern the "protocol HTTP". In contrast to Reshef (and 
Raanan), the disclosed invention does NOT support an internet-connected client making 
an HTTP/TCP request to the back end server. This is an important point of the invention, 
which is that the first processing resource (e.g., web server) can only make a specific set of 
requests to the second processing resource (e.g., back end server) and even if the first 
processing resource is compromised, there is no network protocol used in order to connect 
to the second processing resource. Hence, in an exemplary embodiment of the disclosed 
invention such as in independent claim 1 , no network-protocol-based attacks should be 
possible. 

At the bottom of page 26 and the top of page 27, the Examiner asserts that 
Applicant's argument regarding how clients direct requests to server and the server directs 
responses back to the client in Raanan is immaterial to the claims. Applicant respectfully 
disagrees. Applicant's arguments regarding that clients direct requests to server and that 
the server directs responses back to the client is used to show that the server and client in 
Raanan are on a network. After all, if a client 12 can direct a request to a server 10 in 
Raanan and the server 10 can respond to this request, the client 12 and server 10 seem to 
be on a network. Furthermore, the direction of requests by the client 10 to the server 10 is 
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in contradistinction to what occurs in claim 1 : in independent claim 1, a client would 
direct a request to the first processing resource that is in the form of a web server, and 
NOT to the second processing resource (which the Examiner argues is the server 10 in 
Raanan). ONLY the first processing resource in the form of a web server can direct 
information to the second processing resource in the form of a back end server, whereas in 
Raanan a client 12 directs requests to the server 10 and the requests pass through the 
gateway/filter module 14/ 14a. Therefore, Raanan does not disclose "a first processing 
resource in the form of a web server coupleable to an open communications network" and 
"a second processing resource in the form of a back end server coupleable to said first 
processing resource". The operation of clients and servers in Raanan is used to distinguish 
the claims of the disclosed invention over the structure and operation of the system in 
Raanan, regardless of whether the claims recite a "client". 

Regarding Issue B, Claims 106, 136, and 145 stand rejected as being 

obvious under 35 U.S.C. § 103(a) Raanan in view of Piccioni, U.S. Patent No. 6,842,774 

j 

(hereinafter, Piccioni). Claim 106 recites "A data processing system according to claim 
103, said second processing resource being configured to transmit an instruction fail 
message to said first processing resource responsive to said second processing resource 
determining said instruction failing to satisfy said predetermined criterion." The Examiner 
cites col. 6, lines 8-30 of Piccioni for purported disclosure of this subject matter. The cited 
text of Piccioni states the following: 

Communications server 34 may handle access to events 40 
by clients 20 over networks 14 and 18. More specifically, the web server 
portion of server 34 may receive requests to view web pages associated 
with events 40 from clients 20. Server 34 examines the requests and 
determines if the subscriber associated with the request may access the 
requested web page based on profile 46 and the access levels associated 
with the event 40. Server 34 may then reply to the subscriber with the 
requested web page with the subscriber has access to the page, a portion of 
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the requested web page when the subscriber has partial access to the web 
page or a failure message when the subscriber has no access to the 
requested web page. For example, a member of the media using either a 
custom profile 46 for the particular member or a generic "media" profile 46 
may be allowed to access date, location information, and certain details 
associated with kidnapping events 40, but not other details such as the 
current location of the suspect. This selective access prevents the suspect 
from using this information against the police. In one embodiment, server 
34 may generate web pages associated with events 40 such that all 
information associated with events 40 is available for unrestricted public 
access on the web site. 

Piccioni, col. 6, lines 30 (emphasis added). Applicant's disclosed invention is directed at 
least in part to preventing instructions from being executed on a server and is not directly 
related to a subscriber having no access to a requested web page. Moreover, in Piccioni, 
the failure message appears to be transmitted from a server to a subscriber, which appears 
to be similar to a client 12 in Raanan. By contrast, independent claim 106 has an 
instruction fail message transmitted from a second processing resource in the form of a 
back end server to the first processing resource in the form of a web server; any clients 
correspond with the web server and not the back end server. 

Applicant respectfully submits that Piccioni does not disclose the subject 
matter of claim 106. Consequently, claim 106 is patentable over the combination of 
Raanan and Piccioni. Because claims 136 and 145 have similar subject matter, these 
claims are also patentable over the combination of Raanan and Piccioni. 

Conclusion 

For at least the above reasons, the Applicant/ Appellant contends that claims 
1, 102-119, 125-161, 175-178, and 180-186 are patentable over the respective cited art. 
The Applicant/ Appellant respectfully requests the Board reverse the final rejection in the 
Office Action of October 12, 2005 and the Advisory Action of January 31, 2006, and 
further that the Board rule that the pending claims are patentable over the cited art. 
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Respectfully submitted: 
HARRINGTON & SMITH, LLP 
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(8) CLAIMS APPENDIX 

1 . A data processing system, comprising: 

a first processing resource in the form of a web server coupleable to an 
open communications network; and 

a second processing resource in the form of a back end server coupleable to 
said first processing resource; 

said first processing resource and said second processing resource being 
configured to establish a communications relationship between them through a non- 
network connected communications channel, whereby said second processing resource is 
restricted to implementing an instruction communicated from said first processing 
resource which only performs a predetermined allowable operation, thereby inhibiting 
compromise of said second processing resource. 

2-101. Canceled 

102. A data processing system as in claim 1, where said first processing resource is 
configured to transmit said instruction to said second processing resource for said 
instruction satisfying a predetermined criterion. 

103. A data processing system as in claim 1, where said first processing resource is 
configured to transmit said instruction to said second processing resource and where said 
second processing resource is configured to execute said instruction for said instruction 
satisfying a predetermined criterion. 
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104. A data processing system according to claim 103, said predetermined criterion 
comprising said instruction being included in a predefined set of allowable instructions for 
said second processing resource. 

105. A data processing system according to claim 102, said predetermined criterion 
comprising said instruction being identified as an allowable instruction for said second 
processing resource. 

106. A data processing system according to claim 103, said second processing resource 
being configured to transmit an instruction fail message to said first processing resource 
responsive to said second processing resource determining said instruction failing to 
satisfy said predetermined criterion. 

107. A data processing system according to claim 1, said second processing resource 
comprising a database of executable instructions defining predetermined allowable 
functionality of said second processing resource. 

108. A data processing system according to claim 1, said instruction comprising a 
computer program procedure name. 

109. A data processing system according to claim 102, said second processing resource 
configured to provide a reply message to said first processing resource responsive to an 
instruction satisfying said predetermined criterion. 

110. A data processing system according to claim 1, said first processing resource 
comprising a storage medium configured to store said instruction in a queue prior to 
transmission to said second processing resource. 
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111. A data processing system according to claim 1 , said instruction being comprised in a 
message for transmission to said second processing resource. 

112. A data processing system according to claim 111, said first processing resource 
comprising a storage medium configured to store said message in a queue prior to 
transmission to said second processing resource. 

113. A data processing system according to claim 111, wherein said message includes an 
instruction type and said first processing resource configured to include in said message an 
action code indicative of the instruction type. 

114. A data processing system according to claim 111, said first processing resource 
comprising a storage medium configured to store said message prior to transmission to 
said second processing resource, said message including an instruction type, said first 
processing resource being further configured to include in said message an action code 
indicative of the instruction type, and said first processing resource configured to store 
said message in accordance with a priority assigned to said action code. 

115. A data processing system according to claim 111, said first processing resource 
comprising a storage medium configured to store said message prior to transmission to 
said second processing resource, said first processing resource configured to store 
messages in accordance with their chronological order. 

116. A data processing system according to claim 1 14, said first processing resource 
being configured to select a stored message for transmission to said second processing 
resource in accordance with a priority determined by said action code of said message. 

117. A data processing system according to claim 1, said first processing resource 
configured to transmit said instruction or a message including said instruction responsive 
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to receiving a communication comprising sensitive information and to discard said 
sensitive information from said first processing resource. 

118. A data processing system according to claim 117, said message representing 
sensitive information derived from said communication. 

1 19. A data processing system according to claim 117, wherein said sensitive information 
is discarded in response to transmission of said message comprising sensitive information 
to said second processing resource. 

120-124. (Canceled) 

125. A data processing apparatus, comprising: 

a first processing resource in the form of a web server coupleable to an 
open communications network and to a non-network connected communications channel; 
said first processing resource being configured to transmit an instruction to a second 
processing resource in the form of a back end server disposed in a non-open network 
coupled data processing apparatus responsive to receiving a communication via said 
communications channel and for said instruction satisfying a predetermined criterion. 

126. A data processing apparatus according to claim 125, further comprising a storage 
medium to store said instruction in a queue prior to transmission to said second processing 
resource. 

127. A data processing apparatus according to claim 125, wherein said first processing 
resource is configured to form a message including said instruction for transmission to 
said second processing resource. 
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128. A data processing apparatus according to claim 127, wherein said message includes 
an instruction type and wherein said first processing resource is configured to include in 
said message an action code indicative of an instruction type. 

129. A data processing apparatus according to claim 128, wherein said first processing 
resource is configured to store messages in accordance with a priority assigned to said 
action code. 

130. A data processing apparatus according to claim 127, wherein said first processing 
resource is configured to store messages in accordance with their chronological order. 

131 . A data processing apparatus according to claim 127, said first processing resource 
being configured to transmit said instruction or message responsive to receiving a 
communication comprising sensitive information and to remove at least that part of said 
communication comprising said sensitive information from said first processing resource. 

132. A data processing apparatus according claim 125, said instruction comprising a 
computer program procedure name. 

133. A data processing apparatus according to claim 132, said predetermined criterion 
comprising said instruction or said computer program procedure being included in a 
predefined set of allowable instructions or computer program procedures for said second 
processing resource. 

134. A data processing apparatus according to claim 132, said predetermined criterion 
comprising said instruction or said computer program procedure being identified as an 
allowable instruction or computer program procedure for said second processing resource. 
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135. A data processing apparatus, comprising: 

a second processing resource in the form of a back end server that is 
configured to respond to an instruction received through a non-network connected 
communications channel from another processing resource in the form of a web server 
disposed in another data processing apparatus to execute only instructions satisfying a 
predetermined criterion. 

136. A data processing apparatus according to claim 135, further comprising a database of 
executable instructions defining predetermined allowable functionality of said data 
processing apparatus. t 

137. A data processing apparatus according to claim 135, said instruction comprising a 
computer program procedure name. 

138. A data processing apparatus according to claim 137, said predetermined criterion 
comprising said instruction or said computer program procedure being included in a 
predefined set of allowable instructions or computer program procedures for said second 
processing resource. 

139. A data processing apparatus according to claim 137, said predetermined criterion 
comprising said instruction or computer program procedure being identified as an 
allowable instruction or computer program procedure for said second processing resource. 

140. A method for operating a processing system including a first processing resource in 
the form of a web server coupleable to an open communications network and a second 
processing resource in the form of a back end server, the method comprising: 

establishing a communications relationship between said first and second 
processing resource through a non-network connected communications channel whereby 
said second processing resource is restricted to implementing an instruction communicated 
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from said first processing resource which only performs a predetermined allowable 
operation, thereby inhibiting compromise of said second processing resource. 

141. A method according to claim 140, said first processing resource transmitting said 
instruction to said second processing resource for said instruction satisfying a 
predetermined criterion. 

142. A method according to claim 140, said first processing resource transmitting said 
instruction to said second processing resource, and said second processing resource 
executing said instruction only if said instruction satisfies a predetermined criterion. 

143. A method according to claim 142, said predetermined criterion comprising said 
instruction being included in a predetermined set of allowable instructions for said second 
processing resource. 

144. A method according to claim 141, said predetermined criterion comprising said 
instruction being identified as an allowable instruction by said second processing resource. 

145. A method according to claim 142, further comprising said second processing 
resource transmitting an instruction fail message to said first processing resource 
responsive to said second processing resource determining said instruction failing to 
satisfy said predetermined criterion. 

146. A method according to claim 140, said second processing resource comprising a 
database of executable instructions defining predetermined allowable functionality of said 
second processing resource. 
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147. A method according to claim 146, further comprising said second processing 
resource comparing said instruction with said database of executable instructions for 
determining whether said instruction is an allowable instruction. 

148. A method according to claim 140, said instruction comprising a computer program 
procedure name. 

149. A method according to claim 141, further comprising said second processing 
resource providing a reply message to said first processing resource responsive to said 
second processing resource determining that an instruction satisfies said predetermined 
criterion. 

1 50. A method according to claim 140, further comprising said first processing resource 
storing said instruction in a queue prior to transmitting said instruction to said second 
processing resource. 

151 . A method according to claim 140, said first processing resource forming a message 
comprising said instruction and transmitting said message to said second processing 
resource. 

152. A method according to claim 151, further comprising said first processing resource 
storing said message in a queue prior to transmitting said message to said processing 
resource. 

153. A method according to claim 151, further comprising said first processing resource 
forming said message to include an action code indicative of an instruction type included 
in said message. 
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154. A method according to claim 1 53, further comprising said first processing resource 
storing said message in accordance with a priority assigned to said action code. 

155. A method according to claim 151, further comprising said first processing resource 
storing said message in accordance with a chronological order. 

1 56. A method according to claim 1 53, further comprising said first processing resource 
transmitting a message to said second processing resource in accordance with a priority 
determined by said action code of said message. 

157. A method according to claim 151, further comprising said first processing resource 
transmitting said instruction or message in response to receiving a communication 
comprising sensitive information and discarding said sensitive information from said first 
processing resource. 

158. A method according to claim 151, further comprising said first processing resource 
deriving sensitive information from a communication, and including said sensitive 
information in said message. 

159. A method according to claim 158, further comprising said first processing resource 
discarding said sensitive information in response to a transmission of said message 
comprising said sensitive information to said second processing resource. 

160. A method according to claim 1 58, further comprising said first processing resource 
discarding said sensitive information within a predetermined time period. 

161. A method according to claim 160, wherein said time period is one of the following: 
(1) less than 2 minutes from receipt of said communication, (2) less than 1 minute from 
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receipt of said communication or (3) the shortest time possible from receipt of said 
communication. 

162-174. (Canceled) 

1 75. A carrier medium comprising computer machine readable instructions, translatable 
for configuring a data processing apparatus or system to include or establish a 
communications relationship through a non-network connected communication channel 
between a first processing resource in the form of a web server coupleable to an open 
communications network and a second processing resource in the form of a back end 
server whereby said second processing resource is restricted to implementing an 
instruction communicated from said first processing resource which only performs a 
predetermined allowable operation, thereby inhibiting compromise of said second 
processing resource. 

176. A carrier medium according to claim 175, further translatable for configuring said 
data processing apparatus or system to transmit said instruction from said first processing 
resource to said second processing resource for said instruction satisfying a predetermined 
criterion. 

177. A carrier medium according to claim 175, further translatable for configuring said 
data processing apparatus or system to transmit said instruction from said first processing 
resource to said second processing resource, and said second processing resource 
executing said instruction only if said instruction satisfies a predetermined criterion. 

178. A carrier medium according to claim 175, where said carrier medium comprises at 
least one of the following: 

a solid-state memory; 



a magnetic tape memory medium; 
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a magnetic disc; and 

an optical storage medium. 

179. (Cancelled) 

180. A carrier medium comprising computer or machine readable instructions for 
configuring a data processing apparatus or system comprising a first processing resource 
in the form of a web server coupleable to an open communications network and a second 
processing resource in the form of a back end server to establish a communications 
relationship between said first and second processing resources through a non-network 
connected communication channel; and 

to transmit an instruction from said first processing resource to said 
processing resource for said instruction satisfying a predetermined criterion, whereby said 
second processing resource is restricted to implementing an instruction, communicated 
from said first processing resource which only performs a predetermined allowable 
operation, thereby inhibiting compromise of said second processing resource. 

181. A carrier medium as in claim 1 80, said second processing resource executing said 
instruction only if said instruction satisfies said predetermined criterion. 

1 82. A carrier medium in accordance with claim 1 80, said carrier medium comprising at 
least one of the following: 

a solid-state memory; 

a magnetic tape memory medium; 
a magnetic disc; and 



an optical storage medium. 
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183. A data processing system according to claim 1, wherein the system is configured to 
operate in a command mode for transmitting commands from the second processing 
resource to the first processing resource. 

1 84. A data processing system according to claim 1 1 7, said first processing resource 
being configured to discard said sensitive information within a predetermined time period. 

1 85. A data processing system according to claim 1 84, wherein said time period is one 
of the following: (1) less than two minutes from receipt of said communication or (2) the 
shortest possible time from receipt of said communication. 

186. A method according to claim 140, further comprising operating the processing 
system in a command mode for transmitting commands from the second processing 
resource to the first processing resource. 



END OF CLAIMS 



